Update NSS to 3.21 RTM and NSPR to 4.11 RTM

nss/lib/freebl/pqg.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * PQG parameter generation/verification.  Based on FIPS 186-3.
  */
 #ifdef FREEBL_NO_DEPEND
 #include "stubs.h"
 #endif
@@ skipping 476 matching lines @@
 */
 #define MAX_ST_SEED_BITS (HASH_LENGTH_MAX*PR_BITS_PER_BYTE)
 SECStatus
 makePrimefromPrimesShaweTaylor(
       HASH_HashType hashtype,   /* selected Hashing algorithm */
       unsigned int  length,     /* input. Length of prime in bits. */
       mp_int    *   c0,         /* seed prime */
       mp_int    *   q,          /* sub prime, can be 1 */
       mp_int    *   prime,      /* output.  */
       SECItem   *   prime_seed, /* input/output.  */
-      int       *   prime_gen_counter) /* input/output.  */
+      unsigned int *prime_gen_counter) /* input/output.  */
 {
     mp_int c;
     mp_int c0_2;
     mp_int t;
     mp_int a;
     mp_int z;
     mp_int two_length_minus_1;
     SECStatus rv = SECFailure;
     int hashlen = HASH_ResultLen(hashtype);
     int outlen = hashlen*PR_BITS_PER_BYTE;
@@ skipping 212 matching lines @@
 **
 **  This generates a provable prime from a seed
 */
 SECStatus
 makePrimefromSeedShaweTaylor(
       HASH_HashType hashtype,   /* selected Hashing algorithm */
       unsigned int  length,     /* input.  Length of prime in bits. */
 const SECItem   *   input_seed,       /* input.  */
       mp_int    *   prime,      /* output.  */
       SECItem   *   prime_seed, /* output.  */
-      int       *   prime_gen_counter) /* output.  */
+      unsigned int *prime_gen_counter) /* output.  */
 {
     mp_int c;
     mp_int c0;
     mp_int one;
     SECStatus rv = SECFailure;
     int hashlen = HASH_ResultLen(hashtype);
     int outlen = hashlen*PR_BITS_PER_BYTE;
     int offset;
     unsigned char bit, mask;
     unsigned char x[HASH_LENGTH_MAX*2];
@@ skipping 134 matching lines @@
  * Find a Q and algorithm from Seed.
  */
 static SECStatus
 findQfromSeed(
       unsigned int  L,          /* input.  Length of p in bits. */
       unsigned int  N,          /* input.  Length of q in bits. */
       unsigned int  g,          /* input.  Length of seed in bits. */
 const SECItem   *   seed,       /* input.  */
       mp_int    *   Q,          /* input. */
       mp_int    *   Q_,         /* output. */
-      int       *  qseed_len,   /* output */
+      unsigned int *qseed_len,   /* output */
       HASH_HashType *hashtypePtr,  /* output. Hash uses */
       pqgGenType    *typePtr)      /* output. Generation Type used */
 {
     HASH_HashType hashtype;
     SECItem  firstseed = { 0, 0, 0 };
     SECItem  qseed = { 0, 0, 0 };
     SECStatus rv;
 
     *qseed_len = 0; /* only set if FIPS186_3_ST_TYPE */
 
@@ skipping 34 matching lines @@
             return SECSuccess;
         }
     }
     /*
      * OK finally try FIPS186_3 Shawe-Taylor 
      */
     firstseed = *seed;
     firstseed.len = seed->len/3;
     for (hashtype = getFirstHash(L,N); hashtype != HASH_AlgTOTAL; 
                                         hashtype=getNextHash(hashtype)) {
-        int count;
+        unsigned int count;
 
         rv = makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, Q_, 
                 &qseed, &count);
         if (rv != SECSuccess) {
             continue;
         }
         if (mp_cmp(Q,Q_) == 0) {
             /* check qseed as well... */
             int offset = seed->len - qseed.len;
             if ((offset < 0) || 
@@ skipping 185 matching lines @@
                 const SECItem *seed,    /* input. */
                 unsigned char index,    /* input. */
                 mp_int *G)              /* input/output */
 {
     mp_int e, pm1, W;
     unsigned int count;
     unsigned char data[HASH_LENGTH_MAX];
     unsigned int len;
     mp_err err = MP_OKAY;
     SECStatus rv = SECSuccess;
-    const SECHashObject *hashobj;
+    const SECHashObject *hashobj = NULL;
     void *hashcx = NULL;
 
     MP_DIGITS(&e) = 0;
     MP_DIGITS(&pm1) = 0;
     MP_DIGITS(&W) = 0;
     CHECK_MPI_OK( mp_init(&e) );
     CHECK_MPI_OK( mp_init(&pm1) );
     CHECK_MPI_OK( mp_init(&W) );
 
     /* initialize our hash stuff */
@@ skipping 65 matching lines @@
 /* This code uses labels and gotos, so that it can follow the numbered
 ** steps in the algorithms from FIPS 186-3 appendix A.1.1.2 very closely,
 ** and so that the correctness of this code can be easily verified.
 ** So, please forgive the ugly c code.
 **/
 static SECStatus
 pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type,
          unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy)
 {
     unsigned int  n;        /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
-    unsigned int  b;        /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
     unsigned int  seedlen;  /* Per FIPS 186-3 app A.1.1.2  (was 'g' 186-1)*/
     unsigned int  counter;  /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
     unsigned int  offset;   /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
     unsigned int  outlen;   /* Per FIPS 186-3, appendix A.1.1.2. */
     unsigned int  maxCount;
     HASH_HashType hashtype;
     SECItem      *seed;     /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
     PLArenaPool  *arena  = NULL;
     PQGParams    *params = NULL;
     PQGVerify    *verify = NULL;
@@ skipping 59 matching lines @@
     CHECK_MPI_OK( mp_init(&p0) );
 
     /* Select Hash and Compute lengths. */
     /* getFirstHash gives us the smallest acceptable hash for this key
      * strength */
     hashtype = getFirstHash(L,N);
     outlen = HASH_ResultLen(hashtype)*PR_BITS_PER_BYTE;
 
     /* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */
     n = (L - 1) / outlen; 
-    /* Step 4: b = L -1 - (n*outlen); (same as n = (L-1) mod outlen) */
-    b = (L - 1) % outlen;
+    /* Step 4: (skipped since we don't use b): b = L -1 - (n*outlen); */
     seedlen = seedBytes * PR_BITS_PER_BYTE;    /* bits in seed */
 step_5:
     /* ******************************************************************
     ** Step 5. (Step 1 in 186-1)
     ** "Choose an abitrary sequence of at least N bits and call it SEED.
     **  Let g be the length of SEED in bits."
     */
     if (++iterations > MAX_ITERATIONS) {        /* give up after a while */
         PORT_SetError(SEC_ERROR_NEED_RANDOM);
         goto cleanup;
@@ skipping 17 matching lines @@
     **
     ** If using Shawe-Taylor, We do the entire A.1.2.1.2 setps in the block
     ** FIPS186_3_ST_TYPE. 
     */
     if (type == FIPS186_1_TYPE) {
         CHECK_SEC_OK( makeQfromSeed(seedlen, seed, &Q) );
     } else if (type == FIPS186_3_TYPE) {
         CHECK_SEC_OK( makeQ2fromSeed(hashtype, N, seed, &Q) );
     } else {
         /* FIPS186_3_ST_TYPE */
-        int qgen_counter, pgen_counter;
+        unsigned int qgen_counter, pgen_counter;
 
         /* Step 1 (L,N) already checked for acceptability */
 
         firstseed = *seed;
         qgen_counter = 0;
         /* Step 2. Use N and firstseed to  generate random prime q
          * using Apendix C.6 */
         CHECK_SEC_OK( makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, &Q,
                 &qseed, &qgen_counter) );
         /* Step 3. Use floor(L/2+1) and qseed to generate random prime p0
@@ skipping 220 matching lines @@
 SECStatus   
 PQG_VerifyParams(const PQGParams *params, 
                  const PQGVerify *vfy, SECStatus *result)
 {
     SECStatus rv = SECSuccess;
     unsigned int g, n, L, N, offset, outlen;
     mp_int p0, P, Q, G, P_, Q_, G_, r, h;
     mp_err err = MP_OKAY;
     int j;
     unsigned int counter_max = 0; /* handle legacy L < 1024 */
-    int qseed_len;
+    unsigned int qseed_len;
     SECItem pseed_ = {0, 0, 0};
     HASH_HashType hashtype;
     pqgGenType type;
 
 #define CHECKPARAM(cond)      \
     if (!(cond)) {            \
         *result = SECFailure; \
         goto cleanup;         \
     }
     if (!params || !vfy || !result) {
@@ skipping 72 matching lines @@
     CHECKPARAM( g >= N && g < counter_max/2 );
     /* 9.  Q generated from SEED matches Q in PQGParams. */
     /* This function checks all possible hash and generation types to
      * find a Q_ which matches Q. */
     CHECKPARAM( findQfromSeed(L, N, g, &vfy->seed, &Q, &Q_, &qseed_len,
                                         &hashtype, &type) == SECSuccess );
     CHECKPARAM( mp_cmp(&Q, &Q_) == 0 );
     if (type == FIPS186_3_ST_TYPE) {
         SECItem qseed = { 0, 0, 0 };
         SECItem pseed = { 0, 0, 0 };
-        int first_seed_len;
-        int pgen_counter = 0;
+        unsigned int first_seed_len;
+        unsigned int pgen_counter = 0;
 
         /* extract pseed and qseed from domain_parameter_seed, which is
          * first_seed || pseed || qseed. qseed is first_seed + small_integer
          * pseed is qseed + small_integer. This means most of the time 
          * first_seed.len == qseed.len == pseed.len. Rarely qseed.len and/or
          * pseed.len will be one greater than first_seed.len, so we can
          * depend on the fact that 
          *   first_seed.len = floor(domain_parameter_seed.len/3).
          * findQfromSeed returned qseed.len, so we can calculate pseed.len as
          *   pseed.len = domain_parameter_seed.len - first_seed.len - qseed.len
@@ skipping 141 matching lines @@
     if (vfy == NULL) 
         return;
     if (vfy->arena != NULL) {
         PORT_FreeArena(vfy->arena, PR_FALSE);   /* don't zero it */
     } else {
         SECITEM_FreeItem(&vfy->seed,   PR_FALSE); /* don't free seed */
         SECITEM_FreeItem(&vfy->h,      PR_FALSE); /* don't free h */
         PORT_Free(vfy);
     }
 }